Online Payment Tokens


(Ben Green) #1

The current process of having to enter card details in order to pay for anything online isn’t as secure as it ideally could and done often enough it does get tedious.

Could we not pioneer a system to online retailers (start off with the big ones like Amazon and the major supermarkets) that allows us to link the accounts we have with them to our Monzo accounts using unique payment token per retailer per Monzo account? A notification would then be sent to our phone for us to approve the transaction. Could have a “Pay With Monzo” button on the retailer site, with no need to sign into Monzo from there.

It’d remove the worry of leaking our financial information to unauthorised third parties, drastically reduce the risk of fraud and speed up the payment process.


(Sacha) #2

Given the amount of information people store online in various accounts these days I fear that some fraud is inevitable from time to time. At least with Monzo, most users will find out about it almost instantly and be able to freeze accounts which reduces the likely impact.

Would be useful if there was a similar “instant notification” service for any activity on your credit report, this would hopefully enable the flagging of any loans or credits cards being taken out fraudulently using others details before funds were actually released to the fraudsters.


(James Billingham) #3

This already exists - it’s called Apple/Android Pay, based on EMV, works both digitally and with NFC, works with any bank.

It even works via the web now - both on desktop and mobile. When you hit the pay button on the web, your phone/watch notifies you, you touch the home button for a fraction of a second, and it’s done.

No need to invent it again - it works really well.


(Rika Raybould) #4

Going to echo @billinghamj’s post, though it is more platform lock-in, Apple Pay and Android Pay are MUCH more secure and convenient, especially now that Continuity payments (see Apple Pay on Mac) exist. A Monzo only solution is unlikely to see the same merchant takeup as Apple Pay has already achieved.

There are some cool opportunities to maybe explore in 3-D Secure though around the same idea of making a transaction online and verifying it in the app on the phone.


(James Billingham) #5

While Apple/Android Pay themselves are proprietary, they implement protocols which are almost entirely open.

To my knowledge, the only significant thing which isn’t standardized (quite yet, though Apple are working on it) is the JS API for exposing web payments.

Even then though, those interfaces are still openly accessible, so could be implemented by anyone. Stripe, for example, will likely expose the same interface for both Apple Pay & Android Pay on the web.


(Rika Raybould) #6

This is true, there are efforts to standardise the payment buttons and web APIs but that’s just not the case today. :frowning2:

As much as I’m a big fan of IDS and the features that technology brings to macOS, iOS and watchOS (Continuity phone/SMS, zero config tethering, Continuity Payments/Apple Pay on macOS, Handoff, Universal Clipboard, Auto Unlock, most of the Watch, W1 pairing record syncing and audio routing negotiation, AirDrop not asking for confirmation if using two devices you own, etc.), that is a feature that is restricted to the Apple ecosystem. Similarly, from what I’ve heard so far about Android Pay, that’s going to be limited to the Chrome browser.

While it’s possible to debate endlessly about how much that matters in the real world, especially as more purchases go mobile and people replace laptops with tablets. It only really affects me currently using a Windows PC for gaming and dev/testing of a project while also using an iPhone.

Another thing to consider is banks that support one but not the other. In reality, that only really matters to Barclays customers running Android though.